A recent report has revealed that over 57 distinct threat actors, linked to nations like China, Iran, North Korea, and Russia, have adopted AI technology, specifically tools like Google’s Gemini, to enhance their cyber and information operations. These state-backed hackers are using AI for various tasks such as researching vulnerabilities, troubleshooting code, and developing payloads. The advanced AI tools also help in creating and localizing content for cyber attacks, making these threat actors more efficient in their operations.
Iranian-backed APT groups, particularly APT42, have been identified as the most frequent users of Gemini, leveraging AI to create phishing campaigns, conduct reconnaissance, and generate content with cybersecurity themes. The group, which has previously targeted Western and Middle Eastern organizations, also uses Gemini to deepen their research on military systems and aerospace technologies. APT42’s focus includes using social engineering to infiltrate networks and extract valuable data, often posing as journalists or event organizers.
Chinese APT groups have used Gemini to assist with reconnaissance and code troubleshooting. They also utilize the AI to penetrate deeper into victim networks by employing methods such as lateral movement, privilege escalation, and data exfiltration. Meanwhile, Russian actors have primarily focused on using AI to convert existing malware into different coding languages and add encryption, while North Korean groups have sought Gemini’s help for researching infrastructure and generating job application content to help with their clandestine activities.
The use of AI in cyber operations has also extended to the underground world, where malicious versions of large language models (LLMs), such as WormGPT and FraudGPT, have been designed to aid in phishing attacks and business email compromises. Google is actively working on defenses to mitigate these threats and urges increased collaboration between the private sector and government to bolster national and economic security in the face of growing cyber threats.
